// ClientFromPublishSettingsDataWithConfig unmarshalls the contents of a publish settings file // from https://manage.windowsazure.com/publishsettings. // If subscriptionID is left empty, the first subscription in the string is used. func ClientFromPublishSettingsDataWithConfig(data []byte, subscriptionID string, config ClientConfig) (client Client, err error) { publishData := publishData{} if err = xml.Unmarshal(data, &publishData); err != nil { return client, err } for _, profile := range publishData.PublishProfiles { for _, sub := range profile.Subscriptions { if sub.ID == subscriptionID || subscriptionID == "" { base64Cert := sub.ManagementCertificate if base64Cert == "" { base64Cert = profile.ManagementCertificate } pfxData, err := base64.StdEncoding.DecodeString(base64Cert) if err != nil { return client, err } pems, err := pkcs12.ToPEM(pfxData, "") cert := []byte{} for _, b := range pems { cert = append(cert, pem.EncodeToMemory(b)...) } config.ManagementURL = sub.ServiceManagementURL return makeClient(sub.ID, cert, config) } } } return client, fmt.Errorf("could not find subscription '%s' in settings provided", subscriptionID) }
// Reload certificate func (c *certificate) reload() error { keystoreBytes, err := ioutil.ReadFile(c.keystorePath) if err != nil { return err } pemBlocks, err := pkcs12.ToPEM(keystoreBytes, c.keystorePass) if err != nil { return err } var pemBytes []byte for _, block := range pemBlocks { pemBytes = append(pemBytes, pem.EncodeToMemory(block)...) } certAndKey, err := tls.X509KeyPair(pemBytes, pemBytes) if err != nil { return err } certAndKey.Leaf, err = x509.ParseCertificate(certAndKey.Certificate[0]) if err != nil { return err } atomic.StorePointer(&c.cached, unsafe.Pointer(&certAndKey)) return nil }
// parseKeystore takes a PKCS12 keystore and converts it into a series of // serialized PEM blocks for certificates/private key. The keystore is expected // to contain exactly one private key and one or more certificates. func parseKeystore(data []byte, password string) (certs, key []byte, err error) { blocks, err := pkcs12.ToPEM(data, password) for _, block := range blocks { if strings.Contains(block.Type, "PRIVATE KEY") { if key != nil { return nil, nil, fmt.Errorf("invalid keystore: found multiple private keys in pkcs12 file") } key = pem.EncodeToMemory(block) } else if block.Type == "CERTIFICATE" { certs = append(certs, pem.EncodeToMemory(block)...) certs = append(certs, '\n') } } return }
func main() { b, e := ioutil.ReadFile("/home/figo/data/testCer/Certificates.p12") if e != nil { fmt.Println("@error:", e) return } blocks, err := pkcs12.ToPEM(b, "111") if err != nil { fmt.Println("@error:", err) return } var pemData []byte for _, b := range blocks { pemData = append(pemData, pem.EncodeToMemory(b)...) } cert, err := tls.X509KeyPair(pemData, pemData) if err != nil { panic(err) } fmt.Println("success @cert:", cert) buf := bytes.NewBufferString("") for _, b := range blocks { pem.Encode(buf, b) } log.Println("------------------") // fmt.Println("-- cer buffer is -") // fmt.Println("------------------") // fmt.Println(buf.String()) // fmt.Println("------------------") block, _ := pem.Decode([]byte(buf.String())) if block == nil { log.Println("failed to parse certificate PEM") } c, err := x509.ParseCertificate(block.Bytes) if err != nil { log.Println("failed to parse certificate: " + err.Error()) } log.Println("------------------") log.Println("@commonName:", c.Subject.CommonName) log.Println("------------------") print(c.Subject) log.Println("------------------") print(c.Issuer) }
// readCertsFromStream takes some input and converts it to PEM blocks. func readCertsFromStream(reader io.Reader, filename string, format string, password func(string) string, callback func(*pem.Block)) error { headers := map[string]string{} if filename != "" && filename != os.Stdin.Name() { headers[fileHeader] = filename } switch format { case "PEM": scanner := pemScanner(reader) for scanner.Scan() { block, _ := pem.Decode(scanner.Bytes()) block.Headers = mergeHeaders(block.Headers, headers) callback(block) } case "DER": data, err := ioutil.ReadAll(reader) if err != nil { return fmt.Errorf("error reading input: %s\n", err) } x509Certs, err := x509.ParseCertificates(data) if err == nil { for _, cert := range x509Certs { callback(EncodeX509ToPEM(cert, headers)) } return nil } p7bBlocks, err := pkcs7.ParseSignedData(data) if err == nil { for _, block := range p7bBlocks { callback(pkcs7ToPem(block, headers)) } return nil } return fmt.Errorf("error parsing certificates from DER data\n") case "PKCS12": data, err := ioutil.ReadAll(reader) if err != nil { return fmt.Errorf("error reading input: %s\n", err) } blocks, err := pkcs12.ToPEM(data, password("")) if err != nil || len(blocks) == 0 { return fmt.Errorf("keystore appears to be empty or password was incorrect\n") } for _, block := range blocks { block.Headers = mergeHeaders(block.Headers, headers) callback(block) } case "JCEKS": keyStore, err := jceks.LoadFromReader(reader, []byte(password(""))) if err != nil { return fmt.Errorf("error parsing keystore: %s\n", err) } for _, alias := range keyStore.ListCerts() { cert, _ := keyStore.GetCert(alias) callback(EncodeX509ToPEM(cert, mergeHeaders(headers, map[string]string{nameHeader: alias}))) } for _, alias := range keyStore.ListPrivateKeys() { key, certs, err := keyStore.GetPrivateKeyAndCerts(alias, []byte(password(alias))) if err != nil { return fmt.Errorf("error parsing keystore: %s\n", err) } block, err := keyToPem(key, mergeHeaders(headers, map[string]string{nameHeader: alias})) if err != nil { return fmt.Errorf("error reading key: %s\n", err) } callback(block) for _, cert := range certs { callback(EncodeX509ToPEM(cert, mergeHeaders(headers, map[string]string{nameHeader: alias}))) } } } return fmt.Errorf("unknown file type: %s\n", format) }